HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical Supply‑Chain Attacks in Daemon Tools Lite, TanStack, and Nx Console (CVE‑2026‑8398, CVE‑2026‑45321, CVE‑2026‑48027) Added to CISA KEV Catalog

CISA added three high‑severity supply‑chain vulnerabilities to its KEV catalog: malicious Daemon Tools Lite installers, compromised TanStack npm packages, and a tainted Nx Console extension. All three have been observed in the wild, posing credential‑theft and malware‑distribution risks for organizations that rely on third‑party development tools.

LiveThreat™ Intelligence · 📅 May 29, 2026· 📰 securityaffairs.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
securityaffairs.com

Critical Supply‑Chain Attacks in Daemon Tools Lite, TanStack, and Nx Console (CVE‑2026‑8398, CVE‑2026‑45321, CVE‑2026‑48027) Added to CISA KEV Catalog

What It Is — CISA has added three high‑severity supply‑chain vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The flaws affect Daemon Tools Lite installers, TanStack npm packages, and the Nx Console VS Code extension, each receiving a CVSS v4.0 score of 9.3‑9.5.

Exploitability — All three vulnerabilities have been observed in the wild: maliciously signed Daemon Tools binaries were distributed, 84 compromised TanStack npm versions were published via a hijacked GitHub Actions workflow, and a tainted Nx Console package was live on the Visual Studio Marketplace for 36 minutes before removal. Active exploitation is confirmed.

Affected Products — Daemon Tools Lite (AVB Disc Soft), TanStack JavaScript libraries (npm), Nx Console extension (Visual Studio Marketplace/OpenVSX).

TPRM Impact — These incidents highlight the systemic risk posed by third‑party software components in development pipelines, the potential for credential theft, and the downstream propagation of malware to enterprise environments that rely on trusted supply chains.

Recommended Actions

  • Enforce strict provenance checks: require reproducible builds and verify code‑signing certificates for all third‑party binaries.
  • Immediately upgrade to clean releases: Daemon Tools Lite ≥ 5.2.0, Nx Console ≥ 18.100.0; remove any compromised TanStack npm packages from internal repositories.
  • Harden CI/CD pipelines: restrict pull_request_target usage, limit OIDC token scopes, and monitor GitHub Actions for anomalous token access.
  • Align remediation with CISA’s June 10 2026 deadline and document compliance for audit and contractual obligations.

Source: SecurityAffairs

📰 Original Source
https://securityaffairs.com/192776/security/u-s-cisa-adds-daemon-tools-tanstack-and-nx-console-flaws-to-its-known-exploited-vulnerabilities-catalog.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Vendor Risk Hub

This is the scenario continuous vendor monitoring is built to catch.

When a vendor is compromised, your SOC 2 vendor-management controls are what produce the audit trail showing you knew, assessed, and acted. The Verisq AI Trust Operations platform tracks that continuously.

Explore the Verisq AI Trust Operations platform →